Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/o4guHyoWEz9ezylB_aKjjJ-AqaU.roa
File:                     o4guHyoWEz9ezylB_aKjjJ-AqaU.roa (raw, json)
Hash identifier:          4/zXqSB5+vALqyttqwzCcQyLqlBurzLl72Ng1pMtoAE=
Subject key identifier:   A3:88:2E:1F:2A:16:13:3F:5E:CF:29:41:FD:A2:A3:8C:9F:80:A9:A5
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       01990F23B38B70B2B0E6AF6351FD4C58A59F
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/o4guHyoWEz9ezylB_aKjjJ-AqaU.roa
Signing time:             Wed 03 Sep 2025 10:33:41 +0000
ROA not before:           Wed 03 Sep 2025 10:33:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215304
IP address blocks:        212.100.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 11:14:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0f:23:b3:8b:70:b2:b0:e6:af:63:51:fd:4c:58:a5:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: Sep  3 10:33:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3882e1f2a16133f5ecf2941fda2a38c9f80a9a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:e1:e0:f3:8b:37:60:fd:38:7a:f2:64:33:3a:
                    8a:5e:0a:e3:cd:37:d5:d0:47:80:68:3c:86:40:cb:
                    45:11:17:e4:fb:68:7e:1b:c4:cf:07:07:c4:42:2e:
                    82:28:0a:af:d4:73:a0:a6:76:db:1e:f3:8b:ba:f5:
                    ed:c3:5e:06:18:09:f5:ff:9d:68:ee:38:bb:50:63:
                    e2:55:f3:72:c2:97:c6:61:e4:5c:eb:63:4d:c0:c4:
                    2f:c8:f8:a8:9e:b4:e3:0f:cd:7d:c2:41:d3:ad:b0:
                    13:e1:a2:ea:fb:ae:fd:50:c0:45:24:ca:d6:e2:1f:
                    1b:12:72:a8:cd:5b:6f:b8:a5:d1:af:62:07:65:2a:
                    1b:0c:d2:89:15:c3:0b:37:a0:d0:68:a8:d8:79:a8:
                    ae:b4:cc:7f:78:4a:d2:9b:c3:81:46:43:42:76:a0:
                    54:70:1e:d9:fc:ca:da:24:ba:83:e3:f6:41:36:29:
                    c2:47:39:4b:df:d5:6d:2c:8d:bb:aa:49:e3:68:e2:
                    11:99:28:b2:b5:ef:fa:80:c8:f5:75:a1:1a:e6:2f:
                    4a:10:27:d0:63:76:93:83:9f:d0:c4:06:b2:d1:4d:
                    38:43:ee:82:ec:81:6d:ed:49:53:8d:98:03:39:cc:
                    c3:c0:22:99:c0:7b:70:f1:8e:b5:00:e0:28:34:8b:
                    aa:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:88:2E:1F:2A:16:13:3F:5E:CF:29:41:FD:A2:A3:8C:9F:80:A9:A5
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/o4guHyoWEz9ezylB_aKjjJ-AqaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:07:e9:ba:71:5e:15:a2:e3:c3:a3:73:74:40:7d:04:89:8e:
         56:66:82:89:26:d9:f4:9f:1a:2f:07:2b:e7:3d:28:07:5b:f7:
         04:ab:7b:80:7c:5f:69:70:50:59:60:29:2b:be:03:2f:1e:ac:
         25:78:ed:89:3b:80:5a:6d:c0:14:40:11:7d:65:9c:0f:82:35:
         88:c2:be:b0:03:f1:dc:58:5e:d0:dd:c4:86:9f:86:10:ca:d1:
         54:cd:23:0d:fb:07:ee:aa:54:79:6d:94:1e:11:cb:30:0a:24:
         7d:15:6c:a1:54:80:1f:85:34:37:45:d8:de:0b:9c:4f:c9:98:
         de:b9:48:03:4f:b1:f3:72:80:21:9a:22:ee:bd:35:30:98:ba:
         8d:dc:eb:bb:7e:fc:bc:f0:ea:77:70:8c:75:94:bd:c4:3a:5f:
         95:7a:bd:5b:4e:23:37:35:b4:44:42:b5:d6:b0:12:8c:90:95:
         2c:f4:1a:4f:c2:4b:b3:c5:6f:ae:7d:ea:54:92:67:d8:e1:af:
         84:e7:f6:f6:5c:52:c9:c8:c3:65:ff:db:4b:79:79:f3:82:b0:
         96:a8:ee:22:4d:47:85:a5:8c:29:fb:a5:31:7b:ee:ac:14:dd:
         80:b8:25:da:6d:b4:3d:56:ea:2d:71:69:59:fd:f2:94:74:5b:
         98:dd:ec:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkPI7OLcLKw5q9jUf1MWKWfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjUwOTAzMTAzMzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzg4MmUxZjJhMTYxMzNmNWVjZjI5NDFmZGEyYTM4YzlmODBhOWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweHg84s3YP04evJkMzqKXgrjzTfV
0EeAaDyGQMtFERfk+2h+G8TPBwfEQi6CKAqv1HOgpnbbHvOLuvXtw14GGAn1/51o
7ji7UGPiVfNywpfGYeRc62NNwMQvyPionrTjD819wkHTrbAT4aLq+679UMBFJMrW
4h8bEnKozVtvuKXRr2IHZSobDNKJFcMLN6DQaKjYeaiutMx/eErSm8OBRkNCdqBU
cB7Z/MraJLqD4/ZBNinCRzlL39VtLI27qknjaOIRmSiyte/6gMj1daEa5i9KECfQ
Y3aTg5/QxAay0U04Q+6C7IFt7UlTjZgDOczDwCKZwHtw8Y61AOAoNIuqOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKOILh8qFhM/Xs8pQf2io4yfgKmlMB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvbzRndUh5b1dFejllenlsQl9hS2pqSi1BcWFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GSuMA0G
CSqGSIb3DQEBCwUAA4IBAQAnB+m6cV4VouPDo3N0QH0EiY5WZoKJJtn0nxovByvn
PSgHW/cEq3uAfF9pcFBZYCkrvgMvHqwleO2JO4BabcAUQBF9ZZwPgjWIwr6wA/Hc
WF7Q3cSGn4YQytFUzSMN+wfuqlR5bZQeEcswCiR9FWyhVIAfhTQ3RdjeC5xPyZje
uUgDT7HzcoAhmiLuvTUwmLqN3Ou7fvy88Op3cIx1lL3EOl+Ver1bTiM3NbREQrXW
sBKMkJUs9BpPwkuzxW+ufepUkmfY4a+E5/b2XFLJyMNl/9tLeXnzgrCWqO4iTUeF
pYwp+6Uxe+6sFN2AuCXabbQ9VuotcWlZ/fKUdFuY3ezM
-----END CERTIFICATE-----